
This is from the server used to download a keylogger that looks only for info on bank accounts, then emails it to a '.ru' mail server. The originating address of the email is in China, which is no doubt owned by someone from somewhere else.

Victims are lured to a website through an email:

Hello...

It has come to my attention that you are being under the police investigation.
Is that true? Have you really commited such crimes?

I just wanted to know how the javautil.zip can be made to auto-execute on one's machine; is it because the file is really called javautil.exe? Maybe this is a stupid question, but maybe you could tell me what the MIME type vuln looks like, to be aware when opening different webpages.
Don't you have your internet settings set so that there has to be authorization before a download is made into your computer?

Imagination is greater than intelligence when referring to intricate things, the reason why is that if you can't imagine how something works, how do you expect to understand it and therefore to know anything about it.

The web server that is being used is a completely owned server. (It's really disgraceful.)

*ROTFLMAO*

Holy crap! When you said completely you weren't kidding. Anybody else see that mess?
Not only does it look like 3 separate doors, it appears as if they didn't even need them in the first place. No pun intended.

This is a perfect example of why you need to lock down your machines. Not just patched, either. Learn how some of this stuff actually works; if you don't need it, disable it. Granted, some of this stuff could have been enabled by the attacker.

"one major issue left out by that link is the fact that it is not just a
keylogger, it also rapes the Protected Storage Subsystem, as is obvious
by the fact that it imports pstorec.dll, and calls PStoreCreateInstance.
Another interesting thing to note is that it can be uninstalled by
finding the EXE and running it with the "Uninstall" flag... "


I wonder if my firewall would catch it... Is it safe to click on that link without having it execute on my PC? I'm using a Win2k/XP dual boot. Connected through 2k right now. I would like to tear the program they're using apart to see what I learn from it. If you have the file, would you be able to post it as an attachment for me, please?